Close
Is your Smart Home safe?
18 April 2023
A study led by Dr Anna Maria Mandalari, Lecturer in Institute of Communications and Connected Systems (ICCS) at UCL Electronic and Electrical Engineering, explores the effectiveness and privacy threats of Commercial IoT Safeguards.
The usage of Consumer IoT (Internet of Things) devices is becoming progressively prevalent in our homes, with household items such as smart speakers and cameras gaining growing popularity as we become increasingly more connected as a society.
Although these devices pose many advantages, they also carry potential threats. To address these concerns, various commercial security solutions have been developed to mitigate privacy and security risks, commonly known as IoT safeguards. However, the efficacy of these safeguards and the associated privacy risks remains a key open question.
In a study conducted jointly with Imperial College London’s Institute for Security Science and Technology (ISST) and Northeastern University, the authors primarily assess the ability of IoT safeguards to detect threats. They established, as open-source, a methodology that leverages automated experimentation with devices and safeguards to uncover their response to typical security threats and privacy risks. The findings suggest that these safeguards may be inadequate in notifying risks, and that their cloud interactions and data collection procedures could potentially pose additional privacy risks for the households that adopt them.
The lead author, Dr Anna Maria Mandalari, has proposed several possible remedies to tackle the emerging problems facing smart homes today. To mitigate privacy risks, there should be a greater focus on methods that rely on local traffic analysis, edge-based solutions operating on the home gateway, and crowdsourcing approaches, such as IoTrim. The enforcement of regulations, standards, and guidelines for manufacturers is crucial to ensuring the security, privacy, and ethical usage of our consumer devices.
For further insights on the research, please read the full text here:
Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards
Authors: Anna Maria Mandalari, Hamed Haddadi, Daniel J. Dubois, David Choffnes
The paper will be presented at the 44th IEEE Symposium on Security and Privacy (Oakland 2023), May 22-25, 2023, San Francisco, CA, & Online.
The research in this article was supported by the EPSRC PETRAS National Centre of Excellence for IoT Systems Cybersecurity (EP/S035362/1), EPSRC Open Plus Fellowship (EP/W005271/1), UKRI’s Strategic Priorities Fund under the SDTaP programme’s commercialization stream (10049005), and the NSF (ProperData SaTC-1955227).
Links
- Dr Anna Maria Mandalari’s profile
- Open-source Methodology
- IoTrim
- IEEE Symposium on Security and Privacy